Date: Tue, 7 Jul 1998 12:38:46 -0700 (PDT) From: dima@best.net (Dima Ruban) To: joda@pdc.kth.se (Johan Danielsson) Cc: dima@best.net, ludwigp@bigfoot.com, security@FreeBSD.ORG Subject: Re: kerberos su problems betw 2 machines Message-ID: <199807071938.MAA00439@burka.rdy.com> In-Reply-To: <xof3ecd5uvx.fsf@blubb.pdc.kth.se> from Johan Danielsson at "Jul 7, 1998 9:22:10 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Johan Danielsson writes: > dima@best.net (Dima Ruban) writes: > > > Make sure, lookup on both IP addresses on your interfaces gives you > > _the same_ name. > > I don't think this is the problem. In MIT Kerberos 5, you can get a > working multi-homed configuration by making sure that the hostname has > A records for all it's interfaces. In Kerberos 4 (which we are dealing I'm not sure that A records for all the interfaces would be enough. Some time ago I've had a multihomed machine with krb5 and I'm pretty sure all the IPs on the interfaces had an A record. And util I've fixed all of them to resolve to the same name (hostname) this multihomed configuration didn't work as it was supposed to. > with here), only has room for one ip-address in the ticket, and the > KDC chooses that address based on the ip-address the request was sent > from. > > /Johan > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807071938.MAA00439>